Overview

overview

7

Static

static

7

4e3490adb7...78.exe

windows7-x64

7

4e3490adb7...78.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    133s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/01/2024, 11:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4e3490adb702ae3b86915ffe269d0e78.exe

  • Size

    2.9MB

  • MD5

    4e3490adb702ae3b86915ffe269d0e78

  • SHA1

    e8f7a3718cc5397a0fbf6508a68aa9d3c84f6fcb

  • SHA256

    6023379efb91da33aaa5280200af8e79a9306ff71aebcfacd4d479878eea1e28

  • SHA512

    046a3fbaf288d95a5975351f9ffd138ae3c427c6cd0d4595c8842f5cff20ffbc797f13a4193109e02934b2352efff1cde8d734696a616ec2a35b7a00f1e6f1c3

  • SSDEEP

    49152:Gom1VafO9sHd7wwFu58RiN74NH5HUyNRcUsCVOzetdZJ:81V0d7ww0p4HBUCczzM3

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4e3490adb702ae3b86915ffe269d0e78.exe
    "C:\Users\Admin\AppData\Local\Temp\4e3490adb702ae3b86915ffe269d0e78.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3904
    • C:\Users\Admin\AppData\Local\Temp\4e3490adb702ae3b86915ffe269d0e78.exe
      C:\Users\Admin\AppData\Local\Temp\4e3490adb702ae3b86915ffe269d0e78.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:4188

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4e3490adb702ae3b86915ffe269d0e78.exe
    Filesize

    100KB

    MD5

    340dea2a5423d111e901dbb165c30da4

    SHA1

    dec84e842b0086eab51edec84fd7b49315a61e7d

    SHA256

    9fec276f3763a27df4f6bc8f76f0a16b3b212525077e38f48c2a9e5e91c535e8

    SHA512

    e95c9ad43d7c9d446f1fe2594a0426fb4e7b38e445e9d37e79449bb416b3d9c76eaef08553a219b4ad5c3a1acfa929e249c93a5217e7a23a2517b29fe7ec170c

    Download Submit

  • memory/3904-1-0x0000000001BF0000-0x0000000001D23000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/3904-0-0x0000000000400000-0x00000000008EF000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/3904-2-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/3904-12-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/4188-15-0x0000000000400000-0x00000000008EF000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/4188-14-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/4188-21-0x0000000005630000-0x000000000585A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/4188-20-0x0000000000400000-0x000000000061D000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/4188-13-0x0000000001D30000-0x0000000001E63000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/4188-28-0x0000000000400000-0x00000000008EF000-memory.dmp

    Filesize

    4.9MB

    Download